JohanF

Honorary Members

View Profile See their activity

Posts
63
Joined
July 6, 2012
Last visited
August 1, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by JohanF

Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Thanks Mr Tate for you help! I'm giving one of the freeware firewalls as well as one of the spyware blocking applications as listed in your links a try to prevent a repetition. For now I think you can close the thread - this machine is now running like new!
- August 1, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

There were no error messages during the last reboot! The AutoIt Error is also gone (I discovered that AutoRun Eater was not running and re-installed it which seemed to solve the problem)
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

ComboFix 12-07-30.03 - User 2012/07/31 19:21:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2878 [GMT 2:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\3002.abs c:\documents and settings\User\Application Data\tazebama c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_1.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_2.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_1.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Desktop_2.ini c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\Rotinom\Usb 2.0 Driver\S-1-5-31-1286970278978-5713669491-166975984-320\tlsr\Desktop_.ini c:\documents and settings\User\mail.dat c:\documents and settings\User\mess.dat c:\documents and settings\User\My Documents\~WRL0946.tmp c:\documents and settings\User\My Documents\~WRL1821.tmp c:\documents and settings\User\My Documents\~WRL2902.tmp c:\windows\EventSystem.log c:\windows\system32\test . . ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))) . . 2012-07-31 16:58 . 2012-07-31 16:58 -------- d-----w- c:\program files\Common Files\Adobe 2012-07-31 16:56 . 2012-07-31 16:56 -------- d-----w- c:\program files\Autorun Eater 2012-07-31 05:43 . 2012-07-31 15:04 -------- d-----w- c:\windows\system32\NtmsData 2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\documents and settings\User\Application Data\Avira 2012-07-30 11:19 . 2012-07-31 12:33 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-30 11:19 . 2012-07-31 12:33 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\program files\Avira 2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2012-07-30 11:19 . 2011-09-15 21:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-30 10:37 . 2012-07-30 10:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes 2012-07-30 10:37 . 2012-07-30 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-07-30 10:37 . 2012-07-31 08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-30 10:37 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-23 08:35 . 2012-07-23 08:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-31 16:44 . 2009-02-10 08:42 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2012-07-31 16:44 . 2009-02-10 08:41 58288 ----a-w- c:\windows\system32\rpcnet.dll 2012-07-31 08:09 . 2009-02-10 08:43 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2012-07-30 20:09 . 2009-02-27 15:27 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\WavXMapDrive.bat 2012-07-30 15:48 . 2009-02-10 15:56 143360 ----a-w- c:\windows\system32\igfxtray.exe 2012-07-30 13:48 . 2009-03-04 12:45 45056 ----a-w- c:\documents and settings\User\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe 2012-07-30 11:21 . 2009-02-10 20:01 471040 ----a-w- c:\windows\system32\AESTFltr.exe 2012-07-30 11:21 . 2009-02-10 15:56 178712 ----a-w- c:\windows\system32\hkcmd.exe 2012-07-30 11:21 . 2009-02-10 15:56 150040 ----a-w- c:\windows\system32\igfxpers.exe 2012-07-30 11:21 . 2009-02-10 08:27 49152 ----a-w- c:\windows\system32\ico.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2012-07-30 218032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-07-30 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-07-30 483420] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2012-07-30 471040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-30 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-30 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-30 150040] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-07-30 136600] "PMX Daemon"="ICO.EXE" [2012-07-30 49152] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2012-07-30 178712] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2012-07-30 128296] "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348624] "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-10 50688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\documents and settings\User\Local Settings\Application Data\S-1-5-31-1286970278978-5713669491-166975984-320\dmc\Office2003 CD-Key.doc.exe"= ipsec "c:\\WINDOWS\\system32\\igfxtray.exe"= "c:\\Program Files\\IDT\\WDM\\sttray.exe"= "c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"= "c:\\Program Files\\Autorun Eater\\oldmcdonald.exe"= "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program Files\\Digital Line Detect\\DLG.exe"= "c:\\Program Files\\DellTPad\\Apoint.exe"= "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"= "c:\windows\TEMP\fxslt.exe"= ipsec "c:\\WINDOWS\\system32\\AESTFltr.exe"= "c:\program files\DellTPad\ApMsgFwd.exe"= ipsec "c:\\Program Files\\Messenger\\msmsgs.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012/07/30 01:19 PM 36000] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012/07/30 01:19 PM 86224] R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007/04/19 07:56 AM 133968] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008/11/11 06:35 PM 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008/11/11 06:35 PM 20840] R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010/09/08 03:44 PM 8704] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009/02/10 05:55 PM 112128] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009/02/10 10:25 AM 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009/02/10 05:57 PM 32808] R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009/02/10 10:35 AM 300672] R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009/02/10 10:35 AM 378368] R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009/02/10 10:35 AM 76328] R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009/02/10 10:35 AM 14976] R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009/02/10 10:35 AM 14976] R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009/02/10 10:35 AM 387200] R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009/02/10 10:35 AM 431616] R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009/02/10 10:35 AM 25984] R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009/02/10 10:35 AM 402944] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009/02/10 05:56 PM 244368] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009/02/10 05:56 PM 110080] R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009/02/10 10:35 AM 25640] S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011/10/14 10:22 AM 135168] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012/01/04 04:55 PM 136176] S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011/10/14 10:22 AM 103424] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011/08/02 02:28 PM 114432] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012/01/04 04:55 PM 136176] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011/08/02 02:41 PM 100736] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?] . Contents of the 'Scheduled Tasks' folder . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 11:22] . 2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-04 11:22] . 2012-07-31 c:\windows\Tasks\User_Feed_Synchronization-{310B6855-41DA-46A2-9124-C73B1D85E727}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://agriculture.kzntl.gov.za/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128 uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local> IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.2 TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B}: NameServer = 196.43.1.11,196.25.1.11 TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA}: NameServer = 196.43.1.11,196.25.1.11 . - - - - ORPHANS REMOVED - - - - . HKCU-Run-WinApps - c:\documents and settings\User\Application Data\javainst.exe HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe HKLM-Run-WinApps - c:\documents and settings\User\Application Data\javainst.exe HKLM_ActiveSetup-{6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\User\Application Data\javainst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-31 19:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1100) c:\windows\system32\NetProvCredMan.dll . Completion time: 2012-07-31 19:29:03 ComboFix-quarantined-files.txt 2012-07-31 17:29 . Pre-Run: 95,607,353,344 bytes free Post-Run: 96,938,545,152 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 277A13F53FBAA259B2F6F47078E74575
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Just to let you know - I rebooted before running the TDSKiller (moving from work to home) - the AutoIt Error window still pops up and I also got an "Avgnt.exe - Bad Image" error message : The application or DLL C:\Windows\system32\MSCTF.dll is not a valid Windows image. Please check this againstyour installation diskette.
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Suspicious objects found... 17:42:59.0828 2388 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 17:42:59.0843 2388 ============================================================ 17:42:59.0843 2388 Current date / time: 2012/07/31 17:42:59.0843 17:42:59.0843 2388 SystemInfo: 17:42:59.0843 2388 17:42:59.0843 2388 OS Version: 5.1.2600 ServicePack: 3.0 17:42:59.0843 2388 Product type: Workstation 17:42:59.0843 2388 ComputerName: EXTENSIONREC136 17:42:59.0843 2388 UserName: User 17:42:59.0843 2388 Windows directory: C:\WINDOWS 17:42:59.0843 2388 System windows directory: C:\WINDOWS 17:42:59.0843 2388 Processor architecture: Intel x86 17:42:59.0843 2388 Number of processors: 2 17:42:59.0843 2388 Page size: 0x1000 17:42:59.0843 2388 Boot type: Normal boot 17:42:59.0843 2388 ============================================================ 17:43:00.0390 2388 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:43:00.0390 2388 Drive \Device\Harddisk1\DR5 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:43:00.0390 2388 ============================================================ 17:43:00.0390 2388 \Device\Harddisk0\DR0: 17:43:00.0390 2388 MBR partitions: 17:43:00.0390 2388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x816E1, BlocksNum 0xDF120E0 17:43:00.0390 2388 \Device\Harddisk1\DR5: 17:43:00.0390 2388 MBR partitions: 17:43:00.0390 2388 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x775080 17:43:00.0390 2388 ============================================================ 17:43:00.0437 2388 C: <-> \Device\Harddisk0\DR0\Partition0 17:43:00.0437 2388 ============================================================ 17:43:00.0437 2388 Initialize success 17:43:00.0437 2388 ============================================================ 17:44:18.0828 1532 ============================================================ 17:44:18.0828 1532 Scan started 17:44:18.0828 1532 Mode: Manual; SigCheck; TDLFS; 17:44:18.0828 1532 ============================================================ 17:44:19.0406 1532 Abiosdsk - ok 17:44:19.0468 1532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 17:44:20.0750 1532 abp480n5 - ok 17:44:20.0796 1532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:44:20.0906 1532 ACPI - ok 17:44:20.0906 1532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:44:20.0984 1532 ACPIEC - ok 17:44:21.0031 1532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 17:44:21.0156 1532 adpu160m - ok 17:44:21.0218 1532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 17:44:21.0343 1532 aec - ok 17:44:21.0375 1532 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys 17:44:21.0437 1532 AESTAud - ok 17:44:21.0500 1532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 17:44:21.0562 1532 AFD - ok 17:44:21.0593 1532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 17:44:21.0734 1532 agp440 - ok 17:44:21.0734 1532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 17:44:21.0843 1532 agpCPQ - ok 17:44:21.0843 1532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 17:44:21.0890 1532 Aha154x - ok 17:44:21.0890 1532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 17:44:21.0984 1532 aic78u2 - ok 17:44:21.0984 1532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 17:44:22.0062 1532 aic78xx - ok 17:44:22.0093 1532 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 17:44:22.0171 1532 Alerter - ok 17:44:22.0187 1532 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 17:44:22.0250 1532 ALG - ok 17:44:22.0296 1532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 17:44:22.0375 1532 AliIde - ok 17:44:22.0390 1532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 17:44:22.0468 1532 alim1541 - ok 17:44:22.0484 1532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 17:44:22.0578 1532 amdagp - ok 17:44:22.0593 1532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 17:44:22.0625 1532 amsint - ok 17:44:22.0843 1532 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:44:22.0890 1532 AntiVirSchedulerService - ok 17:44:22.0937 1532 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:44:22.0937 1532 AntiVirService - ok 17:44:22.0984 1532 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 17:44:23.0031 1532 ApfiltrService - ok 17:44:23.0078 1532 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 17:44:23.0156 1532 AppMgmt - ok 17:44:23.0187 1532 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 17:44:23.0312 1532 Arp1394 - ok 17:44:23.0390 1532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 17:44:23.0468 1532 asc - ok 17:44:23.0500 1532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 17:44:23.0531 1532 asc3350p - ok 17:44:23.0546 1532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 17:44:23.0625 1532 asc3550 - ok 17:44:23.0718 1532 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe 17:44:23.0734 1532 ASFAgent - ok 17:44:23.0843 1532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:44:23.0875 1532 aspnet_state - ok 17:44:23.0875 1532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:44:23.0953 1532 AsyncMac - ok 17:44:23.0984 1532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:44:24.0062 1532 atapi - ok 17:44:24.0062 1532 Atdisk - ok 17:44:24.0062 1532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:44:24.0156 1532 Atmarpc - ok 17:44:24.0203 1532 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 17:44:24.0281 1532 AudioSrv - ok 17:44:24.0296 1532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:44:24.0390 1532 audstub - ok 17:44:24.0421 1532 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:44:24.0437 1532 avgntflt - ok 17:44:24.0515 1532 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:44:24.0531 1532 avipbb - ok 17:44:24.0546 1532 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 17:44:24.0562 1532 avkmgr - ok 17:44:24.0578 1532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:44:24.0671 1532 Beep - ok 17:44:24.0734 1532 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 17:44:24.0890 1532 BITS - ok 17:44:24.0921 1532 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 17:44:25.0015 1532 Browser - ok 17:44:25.0093 1532 btaudio (f688bbbe8e3e7e03e35caabd66616ddb) C:\WINDOWS\system32\drivers\btaudio.sys 17:44:25.0109 1532 btaudio - ok 17:44:25.0156 1532 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys 17:44:25.0171 1532 BTDriver - ok 17:44:25.0296 1532 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 17:44:25.0343 1532 BTKRNL - ok 17:44:25.0484 1532 btwdins (d48148110ae078cb7221d0fcf20adfec) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 17:44:25.0500 1532 btwdins - ok 17:44:25.0562 1532 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 17:44:25.0562 1532 BTWDNDIS - ok 17:44:25.0578 1532 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys 17:44:25.0593 1532 btwmodem - ok 17:44:25.0609 1532 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys 17:44:25.0625 1532 BTWUSB - ok 17:44:25.0687 1532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 17:44:25.0906 1532 cbidf - ok 17:44:25.0906 1532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:44:25.0984 1532 cbidf2k - ok 17:44:26.0046 1532 CCIDFILTER (d006b6a67b8daed85e6d91783e9b45d6) C:\WINDOWS\system32\DRIVERS\ccidflt.sys 17:44:26.0046 1532 CCIDFILTER - ok 17:44:26.0062 1532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 17:44:26.0140 1532 cd20xrnt - ok 17:44:26.0187 1532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:44:26.0265 1532 Cdaudio - ok 17:44:26.0265 1532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:44:26.0343 1532 Cdfs - ok 17:44:26.0359 1532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:44:26.0468 1532 Cdrom - ok 17:44:26.0546 1532 Change Modem Device Service (9b4caefdbe28a24e3218775493784cdf) C:\WINDOWS\system32\ChgService.exe 17:44:26.0562 1532 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning 17:44:26.0562 1532 Change Modem Device Service - detected UnsignedFile.Multi.Generic (1) 17:44:26.0562 1532 Changer - ok 17:44:26.0593 1532 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 17:44:26.0703 1532 CiSvc - ok 17:44:26.0703 1532 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 17:44:26.0796 1532 ClipSrv - ok 17:44:26.0875 1532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:44:26.0921 1532 clr_optimization_v2.0.50727_32 - ok 17:44:26.0953 1532 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:44:27.0031 1532 CmBatt - ok 17:44:27.0078 1532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 17:44:27.0156 1532 CmdIde - ok 17:44:27.0234 1532 cmnsusbser (675d67423980fc1784b93aa47d350a31) C:\WINDOWS\system32\DRIVERS\cmnsusbser.sys 17:44:27.0312 1532 cmnsusbser - ok 17:44:27.0328 1532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:44:27.0453 1532 Compbatt - ok 17:44:27.0453 1532 COMSysApp - ok 17:44:27.0500 1532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 17:44:27.0625 1532 Cpqarray - ok 17:44:27.0781 1532 Credential Vault Host Control Service (9d57165906778c9e5e0ecb34b311564b) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe 17:44:27.0828 1532 Credential Vault Host Control Service - ok 17:44:27.0828 1532 Credential Vault Host Storage (e31e97859deee648d5867eadfbdbf25a) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe 17:44:27.0843 1532 Credential Vault Host Storage - ok 17:44:27.0890 1532 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 17:44:28.0000 1532 CryptSvc - ok 17:44:28.0031 1532 cvusbdrv (dc6429fbc73b0b0b38cc5386c8a607ed) C:\WINDOWS\system32\Drivers\cvusbdrv.sys 17:44:28.0046 1532 cvusbdrv - ok 17:44:28.0109 1532 d553bus (1b4957f756bcc7e5b23d2b6e84fc3f0e) C:\WINDOWS\system32\DRIVERS\d553bus.sys 17:44:28.0125 1532 d553bus - ok 17:44:28.0187 1532 d553card (7eaa24353b3c5589fc6648d2cb944731) C:\WINDOWS\system32\DRIVERS\d553card.sys 17:44:28.0203 1532 d553card - ok 17:44:28.0250 1532 d553gps (9d16a5902722aaceca7b25fc38caeeb0) C:\WINDOWS\system32\DRIVERS\d553gps.sys 17:44:28.0265 1532 d553gps - ok 17:44:28.0265 1532 d553mdfl (e276c9ad870ce72c9ec3a6d95786b185) C:\WINDOWS\system32\DRIVERS\d553mdfl.sys 17:44:28.0281 1532 d553mdfl - ok 17:44:28.0281 1532 d553mdfl2 (74cb6903cc8d6fa633840b368387aecc) C:\WINDOWS\system32\DRIVERS\d553mdfl2.sys 17:44:28.0281 1532 d553mdfl2 - ok 17:44:28.0312 1532 d553mdm (b7e23cb22df23065bdfd528ca7676666) C:\WINDOWS\system32\DRIVERS\d553mdm.sys 17:44:28.0343 1532 d553mdm - ok 17:44:28.0406 1532 d553mdm2 (38fe8eb16cfda18fc08b5a7b6ddb30f1) C:\WINDOWS\system32\DRIVERS\d553mdm2.sys 17:44:28.0421 1532 d553mdm2 - ok 17:44:28.0421 1532 d553nd5 (bfa2af917c240c5f97b9a2b39f595ee2) C:\WINDOWS\system32\DRIVERS\d553nd5.sys 17:44:28.0437 1532 d553nd5 - ok 17:44:28.0484 1532 d553unic (57c4fa520411a861db4284ebb7c9b1ef) C:\WINDOWS\system32\DRIVERS\d553unic.sys 17:44:28.0500 1532 d553unic - ok 17:44:28.0593 1532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 17:44:28.0734 1532 dac2w2k - ok 17:44:28.0750 1532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 17:44:28.0859 1532 dac960nt - ok 17:44:28.0921 1532 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 17:44:29.0015 1532 DcomLaunch - ok 17:44:29.0078 1532 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 17:44:29.0234 1532 Dhcp - ok 17:44:29.0265 1532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:44:29.0375 1532 Disk - ok 17:44:29.0406 1532 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 17:44:29.0421 1532 DLABMFSM - ok 17:44:29.0421 1532 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 17:44:29.0437 1532 DLABOIOM - ok 17:44:29.0437 1532 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 17:44:29.0453 1532 DLACDBHM - ok 17:44:29.0453 1532 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS 17:44:29.0468 1532 DLADResM - ok 17:44:29.0484 1532 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 17:44:29.0500 1532 DLAIFS_M - ok 17:44:29.0500 1532 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 17:44:29.0515 1532 DLAOPIOM - ok 17:44:29.0515 1532 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 17:44:29.0531 1532 DLAPoolM - ok 17:44:29.0531 1532 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 17:44:29.0546 1532 DLARTL_M - ok 17:44:29.0562 1532 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 17:44:29.0578 1532 DLAUDFAM - ok 17:44:29.0578 1532 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 17:44:29.0593 1532 DLAUDF_M - ok 17:44:29.0593 1532 dmadmin - ok 17:44:29.0656 1532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 17:44:29.0812 1532 dmboot - ok 17:44:29.0843 1532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 17:44:29.0937 1532 dmio - ok 17:44:29.0953 1532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:44:30.0031 1532 dmload - ok 17:44:30.0062 1532 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 17:44:30.0156 1532 dmserver - ok 17:44:30.0203 1532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:44:30.0328 1532 DMusic - ok 17:44:30.0343 1532 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll 17:44:30.0421 1532 Dnscache - ok 17:44:30.0453 1532 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 17:44:30.0546 1532 Dot3svc - ok 17:44:30.0578 1532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 17:44:30.0656 1532 dpti2o - ok 17:44:30.0671 1532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:44:30.0734 1532 drmkaud - ok 17:44:30.0750 1532 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 17:44:30.0765 1532 DRVMCDB - ok 17:44:30.0765 1532 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 17:44:30.0781 1532 DRVNDDM - ok 17:44:30.0812 1532 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys 17:44:30.0828 1532 e1yexpress - ok 17:44:30.0875 1532 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 17:44:30.0953 1532 EapHost - ok 17:44:30.0968 1532 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 17:44:31.0062 1532 ERSvc - ok 17:44:31.0109 1532 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 17:44:31.0140 1532 Eventlog - ok 17:44:31.0218 1532 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 17:44:31.0265 1532 EventSystem - ok 17:44:31.0484 1532 EvtEng (87a32636c84555525700e623662e34d9) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 17:44:31.0578 1532 EvtEng ( UnsignedFile.Multi.Generic ) - warning 17:44:31.0578 1532 EvtEng - detected UnsignedFile.Multi.Generic (1) 17:44:31.0687 1532 ewusbnet (9a8dfbcd14a37d3139aacd671a8444a6) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys 17:44:31.0750 1532 ewusbnet - ok 17:44:31.0828 1532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:44:32.0000 1532 Fastfat - ok 17:44:32.0062 1532 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 17:44:32.0140 1532 FastUserSwitchingCompatibility - ok 17:44:32.0187 1532 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe 17:44:32.0281 1532 Fax - ok 17:44:32.0296 1532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 17:44:32.0375 1532 Fdc - ok 17:44:32.0375 1532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 17:44:32.0453 1532 Fips - ok 17:44:32.0453 1532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 17:44:32.0531 1532 Flpydisk - ok 17:44:32.0546 1532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:44:32.0640 1532 FltMgr - ok 17:44:32.0734 1532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:44:32.0750 1532 FontCache3.0.0.0 - ok 17:44:32.0750 1532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:44:32.0828 1532 Fs_Rec - ok 17:44:32.0859 1532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:44:32.0953 1532 Ftdisk - ok 17:44:32.0968 1532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:44:33.0062 1532 Gpc - ok 17:44:33.0218 1532 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 17:44:33.0218 1532 gupdate - ok 17:44:33.0218 1532 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 17:44:33.0234 1532 gupdatem - ok 17:44:33.0281 1532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:44:33.0359 1532 HDAudBus - ok 17:44:33.0437 1532 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:44:33.0515 1532 helpsvc - ok 17:44:33.0562 1532 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 17:44:33.0640 1532 HidServ - ok 17:44:33.0656 1532 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:44:33.0781 1532 hidusb - ok 17:44:33.0828 1532 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 17:44:33.0968 1532 hkmsvc - ok 17:44:34.0031 1532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 17:44:34.0109 1532 hpn - ok 17:44:34.0171 1532 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 17:44:34.0218 1532 HSFHWAZL - ok 17:44:34.0312 1532 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 17:44:34.0406 1532 HSF_DPV - ok 17:44:34.0437 1532 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 17:44:34.0531 1532 HTTP - ok 17:44:34.0562 1532 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 17:44:34.0625 1532 HTTPFilter - ok 17:44:34.0671 1532 hwdatacard (93e5d34d95ff9011beed886e3627f442) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 17:44:34.0750 1532 hwdatacard - ok 17:44:34.0812 1532 hwusbfake (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys 17:44:34.0875 1532 hwusbfake - ok 17:44:34.0906 1532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 17:44:34.0984 1532 i2omgmt - ok 17:44:35.0046 1532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 17:44:35.0109 1532 i2omp - ok 17:44:35.0140 1532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:44:35.0234 1532 i8042prt - ok 17:44:35.0406 1532 IAANTMON (f148c2e931bfc20397edc0a7b4f8e22b) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 17:44:35.0421 1532 IAANTMON - ok 17:44:35.0937 1532 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 17:44:36.0406 1532 ialm - ok 17:44:36.0625 1532 iaStor (692830b048aacd7e0d6ededf098acc01) C:\WINDOWS\system32\drivers\iaStor.sys 17:44:36.0656 1532 iaStor - ok 17:44:36.0843 1532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:44:37.0000 1532 idsvc - ok 17:44:37.0046 1532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:44:37.0250 1532 Imapi - ok 17:44:37.0328 1532 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 17:44:37.0421 1532 ImapiService - ok 17:44:37.0453 1532 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 17:44:37.0531 1532 ini910u - ok 17:44:37.0578 1532 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys 17:44:37.0640 1532 IntcHdmiAddService - ok 17:44:37.0640 1532 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 17:44:37.0718 1532 IntelIde - ok 17:44:37.0750 1532 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:44:37.0828 1532 intelppm - ok 17:44:37.0859 1532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:44:37.0968 1532 Ip6Fw - ok 17:44:38.0000 1532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:44:38.0093 1532 IpFilterDriver - ok 17:44:38.0125 1532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:44:38.0203 1532 IpInIp - ok 17:44:38.0218 1532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:44:38.0312 1532 IpNat - ok 17:44:38.0312 1532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:44:38.0390 1532 IPSec - ok 17:44:38.0390 1532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:44:38.0421 1532 IRENUM - ok 17:44:38.0453 1532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:44:38.0546 1532 isapnp - ok 17:44:38.0734 1532 JavaQuickStarterService (32192b4ebe8720ed8d49a455c962cb91) C:\Program Files\Java\jre6\bin\jqs.exe 17:44:38.0750 1532 JavaQuickStarterService - ok 17:44:38.0796 1532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:44:38.0875 1532 Kbdclass - ok 17:44:38.0875 1532 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 17:44:38.0937 1532 kbdhid - ok 17:44:39.0000 1532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 17:44:39.0125 1532 kmixer - ok 17:44:39.0156 1532 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 17:44:39.0281 1532 KSecDD - ok 17:44:39.0328 1532 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll 17:44:39.0453 1532 LanmanServer - ok 17:44:39.0500 1532 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll 17:44:39.0625 1532 lanmanworkstation - ok 17:44:39.0625 1532 lbrtfdc - ok 17:44:39.0656 1532 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 17:44:39.0781 1532 LmHosts - ok 17:44:39.0812 1532 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:44:39.0828 1532 mdmxsdk - ok 17:44:39.0859 1532 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 17:44:39.0953 1532 Messenger - ok 17:44:39.0984 1532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:44:40.0046 1532 mnmdd - ok 17:44:40.0109 1532 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 17:44:40.0171 1532 mnmsrvc - ok 17:44:40.0203 1532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 17:44:40.0265 1532 Modem - ok 17:44:40.0312 1532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:44:40.0390 1532 Mouclass - ok 17:44:40.0406 1532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:44:40.0500 1532 mouhid - ok 17:44:40.0515 1532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:44:40.0593 1532 MountMgr - ok 17:44:40.0625 1532 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 17:44:40.0703 1532 mraid35x - ok 17:44:40.0718 1532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:44:40.0812 1532 MRxDAV - ok 17:44:40.0875 1532 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:44:40.0953 1532 MRxSmb - ok 17:44:40.0984 1532 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 17:44:41.0062 1532 MSDTC - ok 17:44:41.0062 1532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:44:41.0156 1532 Msfs - ok 17:44:41.0156 1532 MSIServer - ok 17:44:41.0187 1532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:44:41.0265 1532 MSKSSRV - ok 17:44:41.0281 1532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:44:41.0359 1532 MSPCLOCK - ok 17:44:41.0359 1532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:44:41.0437 1532 MSPQM - ok 17:44:41.0453 1532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:44:41.0515 1532 mssmbios - ok 17:44:41.0531 1532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 17:44:41.0609 1532 Mup - ok 17:44:41.0656 1532 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 17:44:41.0765 1532 napagent - ok 17:44:41.0765 1532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:44:41.0843 1532 NDIS - ok 17:44:41.0875 1532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:44:41.0937 1532 NdisTapi - ok 17:44:41.0968 1532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:44:42.0031 1532 Ndisuio - ok 17:44:42.0046 1532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:44:42.0140 1532 NdisWan - ok 17:44:42.0140 1532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 17:44:42.0218 1532 NDProxy - ok 17:44:42.0218 1532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:44:42.0281 1532 NetBIOS - ok 17:44:42.0312 1532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:44:42.0406 1532 NetBT - ok 17:44:42.0453 1532 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 17:44:42.0546 1532 NetDDE - ok 17:44:42.0546 1532 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 17:44:42.0609 1532 NetDDEdsdm - ok 17:44:42.0656 1532 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:44:42.0718 1532 Netlogon - ok 17:44:42.0750 1532 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 17:44:42.0843 1532 Netman - ok 17:44:42.0921 1532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:44:42.0953 1532 NetTcpPortSharing - ok 17:44:43.0234 1532 NETw5x32 (a3b69acd14051ae87ab9e1823a508b6d) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 17:44:43.0578 1532 NETw5x32 - ok 17:44:43.0781 1532 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:44:43.0953 1532 NIC1394 - ok 17:44:44.0000 1532 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll 17:44:44.0046 1532 Nla - ok 17:44:44.0078 1532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:44:44.0156 1532 Npfs - ok 17:44:44.0250 1532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:44:44.0375 1532 Ntfs - ok 17:44:44.0421 1532 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:44:44.0484 1532 NtLmSsp - ok 17:44:44.0578 1532 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 17:44:44.0703 1532 NtmsSvc - ok 17:44:44.0734 1532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:44:44.0843 1532 Null - ok 17:44:44.0843 1532 NvtSp50 - ok 17:44:44.0859 1532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:44:44.0953 1532 NwlnkFlt - ok 17:44:44.0968 1532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:44:45.0062 1532 NwlnkFwd - ok 17:44:45.0093 1532 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:44:45.0156 1532 ohci1394 - ok 17:44:45.0234 1532 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:44:45.0250 1532 ose - ok 17:44:45.0265 1532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 17:44:45.0343 1532 Parport - ok 17:44:45.0343 1532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:44:45.0421 1532 PartMgr - ok 17:44:45.0421 1532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 17:44:45.0484 1532 ParVdm - ok 17:44:45.0531 1532 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 17:44:45.0546 1532 PBADRV - ok 17:44:45.0546 1532 PCASp50 - ok 17:44:45.0562 1532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 17:44:45.0640 1532 PCI - ok 17:44:45.0656 1532 PCIDump - ok 17:44:45.0671 1532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:44:45.0734 1532 PCIIde - ok 17:44:45.0750 1532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 17:44:45.0828 1532 Pcmcia - ok 17:44:45.0828 1532 PDCOMP - ok 17:44:45.0828 1532 PDFRAME - ok 17:44:45.0828 1532 PDRELI - ok 17:44:45.0828 1532 PDRFRAME - ok 17:44:45.0859 1532 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 17:44:45.0921 1532 perc2 - ok 17:44:45.0937 1532 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 17:44:46.0000 1532 perc2hib - ok 17:44:46.0031 1532 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 17:44:46.0031 1532 PlugPlay - ok 17:44:46.0031 1532 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:44:46.0109 1532 PolicyAgent - ok 17:44:46.0125 1532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:44:46.0218 1532 PptpMiniport - ok 17:44:46.0218 1532 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:44:46.0281 1532 ProtectedStorage - ok 17:44:46.0296 1532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:44:46.0359 1532 PSched - ok 17:44:46.0375 1532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:44:46.0437 1532 Ptilink - ok 17:44:46.0453 1532 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:44:46.0468 1532 PxHelp20 - ok 17:44:46.0484 1532 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 17:44:46.0562 1532 ql1080 - ok 17:44:46.0578 1532 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 17:44:46.0671 1532 Ql10wnt - ok 17:44:46.0687 1532 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 17:44:46.0750 1532 ql12160 - ok 17:44:46.0765 1532 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 17:44:46.0843 1532 ql1240 - ok 17:44:46.0859 1532 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 17:44:46.0937 1532 ql1280 - ok 17:44:46.0953 1532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:44:47.0015 1532 RasAcd - ok 17:44:47.0078 1532 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 17:44:47.0156 1532 RasAuto - ok 17:44:47.0187 1532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:44:47.0281 1532 Rasl2tp - ok 17:44:47.0312 1532 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 17:44:47.0390 1532 RasMan - ok 17:44:47.0406 1532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:44:47.0468 1532 RasPppoe - ok 17:44:47.0500 1532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:44:47.0578 1532 Raspti - ok 17:44:47.0609 1532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:44:47.0671 1532 Rdbss - ok 17:44:47.0687 1532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:44:47.0750 1532 RDPCDD - ok 17:44:47.0781 1532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:44:47.0859 1532 rdpdr - ok 17:44:47.0890 1532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 17:44:47.0984 1532 RDPWD - ok 17:44:48.0015 1532 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 17:44:48.0093 1532 RDSessMgr - ok 17:44:48.0125 1532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:44:48.0187 1532 redbook - ok 17:44:48.0312 1532 RegSrvc (d1875727d04eae948f139022dcad3d47) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 17:44:48.0328 1532 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 17:44:48.0328 1532 RegSrvc - detected UnsignedFile.Multi.Generic (1) 17:44:48.0437 1532 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 17:44:48.0515 1532 RemoteAccess - ok 17:44:48.0531 1532 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 17:44:48.0625 1532 RemoteRegistry - ok 17:44:48.0656 1532 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 17:44:48.0687 1532 rimmptsk - ok 17:44:48.0734 1532 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 17:44:48.0828 1532 RpcLocator - ok 17:44:48.0875 1532 Rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\WINDOWS\system32\rpcnet.exe 17:44:48.0890 1532 Rpcnet - ok 17:44:48.0953 1532 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 17:44:48.0968 1532 RpcSs - ok 17:44:49.0015 1532 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 17:44:49.0140 1532 RSVP - ok 17:44:49.0343 1532 S24EventMonitor (8b4459365c254196f498a3cbc2898dbb) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe 17:44:49.0421 1532 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 17:44:49.0421 1532 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 17:44:49.0515 1532 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys 17:44:49.0546 1532 s24trans ( UnsignedFile.Multi.Generic ) - warning 17:44:49.0546 1532 s24trans - detected UnsignedFile.Multi.Generic (1) 17:44:49.0578 1532 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 17:44:49.0640 1532 SamSs - ok 17:44:49.0671 1532 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 17:44:49.0859 1532 SCardSvr - ok 17:44:49.0906 1532 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 17:44:49.0984 1532 Schedule - ok 17:44:50.0031 1532 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 17:44:50.0125 1532 sdbus - ok 17:44:50.0171 1532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:44:50.0203 1532 Secdrv - ok 17:44:50.0218 1532 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 17:44:50.0296 1532 seclogon - ok 17:44:50.0296 1532 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 17:44:50.0375 1532 SENS - ok 17:44:50.0406 1532 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 17:44:50.0500 1532 Serenum - ok 17:44:50.0515 1532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 17:44:50.0625 1532 Serial - ok 17:44:50.0640 1532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:44:50.0734 1532 Sfloppy - ok 17:44:50.0796 1532 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 17:44:50.0906 1532 SharedAccess - ok 17:44:50.0968 1532 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 17:44:51.0062 1532 ShellHWDetection - ok 17:44:51.0062 1532 Simbad - ok 17:44:51.0109 1532 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 17:44:51.0218 1532 sisagp - ok 17:44:51.0265 1532 Sony_EricssonWWSC (9d0e9f3d67d2260d6b146977276068d0) C:\WINDOWS\system32\DRIVERS\d553scard.sys 17:44:51.0265 1532 Sony_EricssonWWSC - ok 17:44:51.0296 1532 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 17:44:51.0359 1532 Sparrow - ok 17:44:51.0406 1532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:44:51.0531 1532 splitter - ok 17:44:51.0546 1532 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe 17:44:51.0671 1532 Spooler - ok 17:44:51.0687 1532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:44:51.0750 1532 sr - ok 17:44:51.0781 1532 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 17:44:51.0859 1532 srservice - ok 17:44:51.0890 1532 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys 17:44:51.0968 1532 Srv - ok 17:44:52.0000 1532 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 17:44:52.0062 1532 SSDPSRV - ok 17:44:52.0140 1532 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:44:52.0156 1532 ssmdrv - ok 17:44:52.0218 1532 STacSV (cb2449150a5ea17caa0b94363d9440cc) c:\drivers\audio\r205445\stacsv.exe 17:44:52.0265 1532 STacSV - ok 17:44:52.0468 1532 STHDA (886c708c91db573656d64c626468d707) C:\WINDOWS\system32\drivers\sthda.sys 17:44:52.0546 1532 STHDA - ok 17:44:52.0625 1532 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 17:44:52.0734 1532 stisvc - ok 17:44:52.0812 1532 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 17:44:52.0828 1532 stllssvr ( UnsignedFile.Multi.Generic ) - warning 17:44:52.0828 1532 stllssvr - detected UnsignedFile.Multi.Generic (1) 17:44:52.0921 1532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:44:52.0984 1532 swenum - ok 17:44:53.0031 1532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:44:53.0125 1532 swmidi - ok 17:44:53.0125 1532 SwPrv - ok 17:44:53.0171 1532 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 17:44:53.0234 1532 symc810 - ok 17:44:53.0250 1532 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 17:44:53.0328 1532 symc8xx - ok 17:44:53.0343 1532 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 17:44:53.0421 1532 sym_hi - ok 17:44:53.0421 1532 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 17:44:53.0484 1532 sym_u3 - ok 17:44:53.0531 1532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:44:53.0609 1532 sysaudio - ok 17:44:53.0640 1532 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 17:44:53.0718 1532 SysmonLog - ok 17:44:53.0765 1532 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 17:44:53.0843 1532 TapiSrv - ok 17:44:53.0890 1532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:44:53.0937 1532 Tcpip - ok 17:44:53.0984 1532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:44:54.0046 1532 TDPIPE - ok 17:44:54.0093 1532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:44:54.0156 1532 TDTCP - ok 17:44:54.0187 1532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:44:54.0250 1532 TermDD - ok 17:44:54.0281 1532 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 17:44:54.0375 1532 TermService - ok 17:44:54.0421 1532 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 17:44:54.0484 1532 Themes - ok 17:44:54.0515 1532 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 17:44:54.0578 1532 TlntSvr - ok 17:44:54.0609 1532 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 17:44:54.0671 1532 TosIde - ok 17:44:54.0703 1532 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 17:44:54.0781 1532 TrkWks - ok 17:44:54.0796 1532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:44:54.0890 1532 Udfs - ok 17:44:54.0921 1532 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 17:44:54.0968 1532 ultra - ok 17:44:55.0031 1532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:44:55.0125 1532 Update - ok 17:44:55.0156 1532 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 17:44:55.0203 1532 upnphost - ok 17:44:55.0203 1532 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 17:44:55.0281 1532 UPS - ok 17:44:55.0343 1532 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:44:55.0359 1532 usbccgp - ok 17:44:55.0421 1532 USBCCID (150442fa5224dc338028543e2fffa7b4) C:\WINDOWS\system32\DRIVERS\usbccid.sys 17:44:55.0421 1532 USBCCID - ok 17:44:55.0437 1532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:44:55.0531 1532 usbehci - ok 17:44:55.0546 1532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:44:55.0609 1532 usbhub - ok 17:44:55.0656 1532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:44:55.0734 1532 usbprint - ok 17:44:55.0781 1532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:44:55.0890 1532 USBSTOR - ok 17:44:55.0921 1532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:44:56.0015 1532 usbuhci - ok 17:44:56.0015 1532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:44:56.0109 1532 VgaSave - ok 17:44:56.0187 1532 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 17:44:56.0281 1532 viaagp - ok 17:44:56.0312 1532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 17:44:56.0406 1532 ViaIde - ok 17:44:56.0546 1532 VmbService (184f8f8c967a8455b0397944e864bae0) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe 17:44:56.0546 1532 VmbService ( UnsignedFile.Multi.Generic ) - warning 17:44:56.0546 1532 VmbService - detected UnsignedFile.Multi.Generic (1) 17:44:56.0562 1532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 17:44:56.0671 1532 VolSnap - ok 17:44:56.0750 1532 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 17:44:56.0812 1532 VSS - ok 17:44:56.0843 1532 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 17:44:56.0968 1532 w32time - ok 17:44:57.0000 1532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:44:57.0078 1532 Wanarp - ok 17:44:57.0156 1532 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:44:57.0187 1532 Wdf01000 - ok 17:44:57.0187 1532 WDICA - ok 17:44:57.0250 1532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:44:57.0343 1532 wdmaud - ok 17:44:57.0390 1532 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 17:44:57.0468 1532 WebClient - ok 17:44:57.0562 1532 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:44:57.0609 1532 winachsf - ok 17:44:57.0734 1532 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 17:44:57.0812 1532 winmgmt - ok 17:44:57.0859 1532 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 17:44:57.0937 1532 WmdmPmSN - ok 17:44:58.0015 1532 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 17:44:58.0031 1532 Wmi - ok 17:44:58.0140 1532 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:44:58.0203 1532 WmiAcpi - ok 17:44:58.0265 1532 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:44:58.0343 1532 WmiApSrv - ok 17:44:58.0375 1532 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 17:44:58.0453 1532 wscsvc - ok 17:44:58.0500 1532 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 17:44:58.0562 1532 wuauserv - ok 17:44:58.0593 1532 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 17:44:58.0687 1532 WZCSVC - ok 17:44:58.0703 1532 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 17:44:58.0781 1532 xmlprov - ok 17:44:58.0828 1532 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 17:44:59.0328 1532 \Device\Harddisk0\DR0 - ok 17:44:59.0328 1532 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR5 17:44:59.0906 1532 \Device\Harddisk1\DR5 - ok 17:44:59.0906 1532 Boot (0x1200) (d4aa1427426be4d63e57c9925208e842) \Device\Harddisk0\DR0\Partition0 17:44:59.0906 1532 \Device\Harddisk0\DR0\Partition0 - ok 17:44:59.0906 1532 Boot (0x1200) (57b9302739139f67b6fddb26d00ae863) \Device\Harddisk1\DR5\Partition0 17:44:59.0906 1532 \Device\Harddisk1\DR5\Partition0 - ok 17:44:59.0906 1532 ============================================================ 17:44:59.0906 1532 Scan finished 17:44:59.0906 1532 ============================================================ 17:45:00.0015 2032 Detected object count: 7 17:45:00.0015 2032 Actual detected object count: 7 17:45:26.0671 2032 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0671 2032 Change Modem Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0671 2032 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0671 2032 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0687 2032 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0687 2032 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0687 2032 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0687 2032 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0687 2032 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0687 2032 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0687 2032 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0687 2032 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:45:26.0687 2032 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user 17:45:26.0687 2032 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:47:47.0781 2868 Deinitialize success
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

OK, but what about the warning at the end of the DDS log? (Warning: possible TDL3 rootkit infection !)
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Yes, those settings are OK. The proxy server is not currently in use, but should remain there when he needs to connect through it. I'm currently online on the machine without any problems.
- July 31, 2012
- 18 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.31.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: EXTENSIONREC136 [administrator] 2012/07/31 02:27:06 PM mbam-log-2012-07-31 (14-27-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218253 Time elapsed: 19 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 8 HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by User at 15:05:28 on 2012-07-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2825 [GMT 2:00] . AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Anti-Virus *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\WiFi\bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\drivers\audio\r205445\stacsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINDOWS\system32\ChgService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://agriculture.kzntl.gov.za/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128 uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local> mWinlogon: System=ziswin.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [WinApps] c:\documents and settings\user\application data\javainst.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [PMX Daemon] ICO.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12 mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe mRun: [WinApps] c:\documents and settings\user\application data\javainst.exe mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mExplorerRun: [WinApps] c:\documents and settings\user\application data\javainst.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe mPolicies-system: CompatibleRUPSecurity = 1 (0x1) mPolicies-system: EnableLUA = 0 (0x0) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241690082484 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B} : NameServer = 196.43.1.11,196.25.1.11 TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA} : NameServer = 196.43.1.11,196.25.1.11 Notify: igfxcui - igfxdev.dll mASetup: {6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\user\application data\javainst.exe . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224] R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032] R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 83392] R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-10-14 135168] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840] R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-2-10 112128] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-10 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-10 32808] R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-2-10 300672] R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-2-10 378368] R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-2-10 76328] R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-2-10 14976] R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-2-10 14976] R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-2-10 387200] R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-2-10 431616] R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-2-10 25984] R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-2-10 402944] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-2-10 244368] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-10 110080] R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-2-10 25640] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176] S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-10-14 103424] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-2 114432] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-8-2 100736] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?] . =============== Created Last 30 ================ . 2012-07-31 05:43:14 -------- d-----w- c:\windows\system32\NtmsData 2012-07-30 11:19:36 -------- d-----w- c:\documents and settings\user\application data\Avira 2012-07-30 11:19:08 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-30 11:19:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-30 11:19:08 -------- d-----w- c:\program files\Avira 2012-07-30 11:19:08 -------- d-----w- c:\documents and settings\all users\application data\Avira 2012-07-30 10:37:13 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes 2012-07-30 10:37:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-30 10:37:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-30 10:37:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-18 14:10:39 -------- d-----w- c:\documents and settings\user\application data\tazebama 2012-07-01 17:24:08 -------- d-sh--r- c:\documents and settings\user\local settings\application data\Start . ==================== Find3M ==================== . 2012-07-31 12:56:40 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2012-07-31 12:56:38 58288 ----a-w- c:\windows\system32\rpcnet.dll 2012-07-31 08:09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2012-07-30 15:48:43 143360 ----a-w- c:\windows\system32\igfxtray.exe 2012-07-30 11:21:57 471040 ----a-w- c:\windows\system32\AESTFltr.exe 2012-07-30 11:21:53 178712 ----a-w- c:\windows\system32\hkcmd.exe 2012-07-30 11:21:52 150040 ----a-w- c:\windows\system32\igfxpers.exe 2012-07-30 11:21:48 49152 ----a-w- c:\windows\system32\ico.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD12 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 . device: opened successfully user: MBR read successfully . Disk trace: called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA0F8000]<< >>UNKNOWN [0xBA0E8000]<< >>UNKNOWN [0xB9E35000]<< >>UNKNOWN [0x806E4000]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC2C478] \Driver\Disk[0x8B26E190] -> IRP_MJ_CREATE -> 0xBA0FEBB0 3 [0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-1[0x8B238028] \Driver\iaStor[0x8B2BB8A8] -> IRP_MJ_CREATE -> 0xB9E76ED4 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 15:05:56.12 ===============
- July 31, 2012
- 18 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Thanks yes, let's close this!
- July 31, 2012
- 100 replies
Can't get rid of W32/Sality.AT

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

If only I could get paid fro this! - there's another one waiting for me with some very nasties on it (attacked my flash drive and all the AV software on it!) Somehow I thought that I was not suppose to remove any malware after submitting the DDS log. I'm currently scanning with MBAM again an will opt to remove them. Should I submit anything(log) after that?
- July 31, 2012
- 18 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Thanks, but I'm using XP - the desktop.ini file actually opens (even if the "Hide hidden system files" are checked).However, I think I solved it - the desktop.ini file was in the idividual user's startup folders. Deleting them there seems to do the job! Thanks again for helping me!
- July 31, 2012
- 100 replies
Can't get rid of W32/Sality.AT

JohanF posted a topic in Resolved Malware Removal Logs

Hi, A friend came to me with his laptop with no icons apearing on the desktop. I managed to get them back by running explorer.exe via taskmanager, but suspected some malware infections as his anti-virus protection was outdated. I installed the Avira Free scanner, which detected thousands of files infected with W32/Sality.AT. A number of other trojans were also detected. After numerous reboot and re-scan attempts, and also a scan with MBAM, I still get the W32/Sality.AT virus as well as some other trojans like TR/Agent2, TR/Patched, TR/Crypt.XPACK and TR/Crypt.ZPACK. Futhermore, a small AutoIt Error window pops up every time after a re-start with the message "Unable to open the script file" Here are the DDS logs as well as the MBAM log: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by User at 11:18:26 on 2012-07-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2902 [GMT 2:00] . AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Anti-Virus *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\WiFi\bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\drivers\audio\r205445\stacsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINDOWS\system32\ChgService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://agriculture.kzntl.gov.za/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy.kzntl.gov.za:3128 uInternet Settings,ProxyOverride = *.KZNTL.GOV.ZA; 10.200.188.*;<local> mWinlogon: System=ziswin.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [WinApps] c:\documents and settings\user\application data\javainst.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\delltpad\Apoint.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [PMX Daemon] ICO.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12 mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe mRun: [WinApps] c:\documents and settings\user\application data\javainst.exe mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mExplorerRun: [WinApps] c:\documents and settings\user\application data\javainst.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe mPolicies-system: CompatibleRUPSecurity = 1 (0x1) mPolicies-system: EnableLUA = 0 (0x0) IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241690082484 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: Interfaces\{12EEDB33-EBF2-456A-9C3B-36CD89EFE58B} : NameServer = 196.43.1.11,196.25.1.11 TCP: Interfaces\{5B852397-714C-400B-85EC-DEFB87AD21CA} : NameServer = 196.43.1.11,196.25.1.11 Notify: igfxcui - igfxdev.dll mASetup: {6FF1DCAB-A6BA-468D-A7AC-CFEBDECB9BCA} - c:\documents and settings\user\application data\javainst.exe . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-30 36000] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-30 86224] R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-30 110032] R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-30 74640] R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2011-10-14 135168] R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296] R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840] R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-9-8 8704] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-2-10 112128] R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-2-10 12840] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-2-10 32808] R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-2-10 300672] R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-2-10 378368] R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-2-10 76328] R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-2-10 14976] R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-2-10 14976] R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-2-10 387200] R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-2-10 431616] R3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-2-10 25984] R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-2-10 402944] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-2-10 244368] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-10 110080] R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-2-10 25640] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176] S3 amsint32;amsint32;\??\c:\windows\system32\drivers\gnmoh.sys --> c:\windows\system32\drivers\gnmoh.sys [?] S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2011-10-14 103424] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-2 114432] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-4 136176] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-8-2 100736] S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?] . =============== Created Last 30 ================ . 2012-07-31 05:43:14 -------- d-----w- c:\windows\system32\NtmsData 2012-07-30 11:19:36 -------- d-----w- c:\documents and settings\user\application data\Avira 2012-07-30 11:19:08 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-30 11:19:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-30 11:19:08 -------- d-----w- c:\program files\Avira 2012-07-30 11:19:08 -------- d-----w- c:\documents and settings\all users\application data\Avira 2012-07-30 10:37:13 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes 2012-07-30 10:37:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-30 10:37:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-30 10:37:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-18 14:10:39 -------- d-----w- c:\documents and settings\user\application data\tazebama 2012-07-01 17:24:08 -------- d-sh--r- c:\documents and settings\user\local settings\application data\Start . ==================== Find3M ==================== . 2012-07-31 08:51:00 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2012-07-31 08:50:58 58288 ----a-w- c:\windows\system32\rpcnet.dll 2012-07-31 08:09:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2012-07-30 15:48:43 143360 ----a-w- c:\windows\system32\igfxtray.exe 2012-07-30 11:21:57 471040 ----a-w- c:\windows\system32\AESTFltr.exe 2012-07-30 11:21:53 178712 ----a-w- c:\windows\system32\hkcmd.exe 2012-07-30 11:21:52 150040 ----a-w- c:\windows\system32\igfxpers.exe 2012-07-30 11:21:48 49152 ----a-w- c:\windows\system32\ico.exe . ============= FINISH: 11:18:50.71 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 2009/02/27 05:27:27 PM System Uptime: 2012/07/31 10:50:19 AM (1 hours ago) . Motherboard: Dell Inc. | | 0GY027 Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 2260/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 89.22 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9 All Day Battery Life Configuration Autorun Eater v2.5 Avira Free Antivirus BioAPI Framework Broadcom USH Host Components BRU Report Writer version 9 Computer Basics Computer Security and Privacy Conexant HDA D330 MDC V.92 Modem Dell 5530 Wireless Broadband Package Dell Resource CD Dell Security Device Driver Pack Dell Touchpad Digital Lifestyles Digital Line Detect Ericsson Wireless Manager ESRI MapObjects 2 Runtime Google Earth Plug-in Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows XP (KB945436) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953955) Hotfix for Windows XP (KB954434) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB958347) Hotfix for Windows XP (KB959252) Hotfix for Windows XP (KB961118) Intel PROSet Wireless Intel® Graphics Media Accelerator Driver Intel® Network Connections 13.0.42.0 Intel® PRO Alerting Agent Intel® PROSet/Wireless WiFi API Intel® PROSet/Wireless WiFi Driver Intel® Matrix Storage Manager Java 6 Update 11 Java 6 Update 7 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Baseline Security Analyzer 2.1 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office Professional Edition 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Modem Diagnostic Tool Mouse Suite for Laptop Computers MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) NetWaiting NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1) PowerDVD Productivity Programs Roxio Activation Module Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler 3 Roxio Update Manager Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB952069) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB963027) Sonic CinePlayer Decoder Pack The Internet and the World Wide Web Update for Windows XP (KB898461) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VKOM 301USB version 5.458 Vodafone Mobile Broadband Lite WebFldrs XP WIDCOMM Bluetooth Software Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows NT Messaging Windows Presentation Foundation XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 2012/07/30 12:54:02 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal. 2012/07/30 11:35:56 AM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed. 2012/07/30 10:10:03 PM, error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 303 (0x12F). 2012/07/30 10:09:43 PM, error: ACPI [43] - The system sleep operation failed 2012/07/30 01:25:51 PM, error: Service Control Manager [7034] - The Avira Realtime Protection service terminated unexpectedly. It has done this 3 time(s). 2012/07/30 01:25:38 PM, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 2012/07/30 01:25:28 PM, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 2012/07/24 04:34:42 PM, error: Dhcp [1002] - The IP address lease 41.8.139.236 for the Network Card with network address 001E101F0815 has been denied by the DHCP server 41.9.76.109 (The DHCP Server sent a DHCPNACK message). . ==== End Of File =========================== MBAM Log: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.31.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: EXTENSIONREC136 [administrator] 2012/07/31 12:27:25 PM mbam-log-2012-07-31 (12-50-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218584 Time elapsed: 4 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 8 HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken. HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken. HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken. HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> No action taken. HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I'm sure some clever person will be able to help me here! Thanks in advance! Johan
- July 31, 2012
- 18 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Sorry to open this thread again, but some new irritation came up... I created another user profile on this machine. Now, whenever I log in under the new username, a text file pops up in notepad with the following text: [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\sytem32\Shell32.dll, -21787 I have deleted the desktop.ini file in C:\Documents and Settings\All Users\Start Menu\Programs\Startup and C:\Documents and Settings\All Users\Start Menu\Programs, (as indicated on the Microsoft Support site), but it doesn't help.
- July 31, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Success!! It wasn't easy - I first tried downloading the free tool (RRT), but the link took me to a download site for something else called CaSIR which seemed as if it will fix every registry entry damaged by the malware and more (sounds to good to be true!). I downloaded it, but AVG reported a trojan horse in the exe file I also scanned it with Avira which reported that it is clean, but I decided not to take any chances. Then I downloaded the registry file and installed it, but that did not solve my problem. Finally I tried to fix the registry manually, but was aslo not successfull. Then I compared the registry entries with those on my other PC and changed values accordingly - voilla!! Under HideFileExt the CheckedValue should be = 1 and the UncheckedValue = 0 Under SuperHidden the CheckedValue should be = 0 and the UncheckedValue = 1 I can still not boot in Safe Mode and I suspect ComboFix will still not run, but at this stage I don't think there's any reason to try and solve either? It would be interesting to know though if CaSIR is as usefull as it claims to be or if it is indeed some trojan carrier?
- July 27, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

I've got a feeling that this is going to work!! Will report back tomorrow (bed-time now!)...
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

No, I just click Apply at the bottom, but it is actually applied to all folders (when I do it on my other XP computer).
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

No, I think you misunderstood me there - when exploring a folder or drive, I wish to see hidden files and folders as well as the file extensions. This option is set by deselecting the two options under the Advanced settings on the View tab of the folder options. Hidden files will then display as dimmed/greyed icons, but can still be opened. My problem is that when I remove the two ticks and click apply and close the folder options window, the two options are ticked again when I re-open the Folder Options (on the specific PC we are working on). (To un-hide the affected files and folders, I use the attrib command, but this is not the issue now.)
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Yes, for sure! I fairly often work with external/flash drives of other people and quite often these are infected with worms like WORM/Agent.xxxxxx or W32/xxxxxx which hides folders as system files and then place their own executable file there with the same name as that of the folder and the folder icon in an attempt to trick one into double-clicking the exe file. If the extension is not hidden and system files are shown, it it is much easier to see that there is a problem. The fact that these two folder option settings are automatically switched back on after I have switched it off is the biggest reason for my suspicion of the presence of malware.
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

OK file extensions and hidden OS files are still being hidden
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

I havn't done anything, but internet access is back.
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

The options to hide fle extensions and protected operating system files keep being selected and CombFix still shows no progress. I have also lost the internet connection now.
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! ========== FILES ========== File\Folder c:\windows\007493_.tmp not found. File\Folder c:\windows\system32\SET2E8.tmp not found. File\Folder c:\windows\006137_.tmp not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: B.T.J. Mkhize User: D.K. Gumbi User: Default User User: Guest User: LocalService User: M.G. Ntshangase User: M.T. Xulu User: N.P. Mathe User: NetworkService User: R.A. Cele User: T.H. Ngcobo ->Flash cache emptied: 379 bytes User: T.M. Mvelase User: X.L. Sithole Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: B.T.J. Mkhize ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: D.K. Gumbi ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: M.G. Ntshangase ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: M.T. Xulu ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: N.P. Mathe ->Temp folder emptied: 162 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: R.A. Cele ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: T.H. Ngcobo ->Temp folder emptied: 429445 bytes ->Temporary Internet Files folder emptied: 1260472 bytes ->FireFox cache emptied: 62393611 bytes ->Google Chrome cache emptied: 819568 bytes ->Flash cache emptied: 0 bytes User: T.M. Mvelase ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: X.L. Sithole ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1119318 bytes %systemroot%\System32 .tmp files removed: 45355601 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 675 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 37343 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 106.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.54.1 log created on 07262012_094917 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
- July 26, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Extras.txt: OTL Extras logfile created on: 2012/07/25 02:25:16 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\T.H. Ngcobo\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd 494.73 Mb Total Physical Memory | 283.39 Mb Available Physical Memory | 57.28% Memory free 1.40 Gb Paging File | 1.01 Gb Available in Paging File | 71.90% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 25.55 Gb Free Space | 68.56% Space Free | Partition Type: NTFS Computer Name: VRYHEID-LM | User Name: T.H. Ngcobo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- Reg Error: Key error. scrfile [install] -- Reg Error: Key error. scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Parental Control\ParentalControl.exe" = C:\Program Files\Parental Control\ParentalControl.exe:*:Enabled:Crawler Parental Control -- (Crawler.com) "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{7029D123-6CF0-4414-A3B2-4B3B99B21E59}" = e-Sword "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91F93C15-D326-4B19-9DB5-1DC78634397C}" = newBruReports "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "ArcExplorer Java Edition" = ArcExplorer Java Edition "AVG" = AVG 2012 "Brother HL-5150D" = Brother HL-5150D "ESET Online Scanner" = ESET Online Scanner v3 "HijackThis" = HijackThis 1.99.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Parental Control" = Crawler Parental Control "PROSet" = Intel® PRO Network Adapters and Drivers "VKOM 301USB Normal Version_is1" = VKOM 301USB version 5.458 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2009/01/08 09:33:01 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009/01/08 11:35:16 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009/02/02 07:45:19 AM | Computer Name = VRYHEID-LM | Source = Application Error | ID = 1000 Description = Faulting application ctoolbar.exe, version 4.5.0.222, faulting module ctoolbar.exe, version 4.5.0.222, fault address 0x0001ac44. Error - 2009/02/05 05:46:33 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009/02/16 03:17:10 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009/02/26 08:12:48 AM | Computer Name = VRYHEID-LM | Source = Application Error | ID = 1000 Description = Faulting application BRSVC01A.EXE, version 1.0.0.4, faulting module unknown, version 0.0.0.0, fault address 0x0012e824. Error - 2009/02/26 09:00:59 AM | Computer Name = VRYHEID-LM | Source = Application Error | ID = 1000 Description = Faulting application BRSVC01A.EXE, version 1.0.0.4, faulting module unknown, version 0.0.0.0, fault address 0x0012e824. Error - 2009/02/26 09:19:45 AM | Computer Name = VRYHEID-LM | Source = Application Error | ID = 1000 Description = Faulting application BRSVC01A.EXE, version 1.0.0.4, faulting module unknown, version 0.0.0.0, fault address 0x0012e824. Error - 2009/04/06 04:40:29 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 2009/04/06 07:15:57 AM | Computer Name = VRYHEID-LM | Source = Application Hang | ID = 1002 Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. [ System Events ] Error - 2012/07/24 08:17:02 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 2 (0x2). Error - 2012/07/24 08:17:04 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 259 (0x103). Error - 2012/07/24 08:18:01 AM | Computer Name = VRYHEID-LM | Source = Service Control Manager | ID = 7016 Description = The BrSplService service has reported an invalid current state 0. Error - 2012/07/24 09:35:16 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 2 (0x2). Error - 2012/07/24 09:35:18 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 259 (0x103). Error - 2012/07/25 02:27:42 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 2 (0x2). Error - 2012/07/25 02:27:44 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 259 (0x103). Error - 2012/07/25 03:20:29 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 2 (0x2). Error - 2012/07/25 03:20:31 AM | Computer Name = VRYHEID-LM | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 2012/07/25 03:20:31 AM | Computer Name = VRYHEID-LM | Source = Print | ID = 6161 Description = The document Test Page owned by T.H. Ngcobo failed to print on printer Brother HL-5070N series (Copy 1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\VRYHEID-LM. Win32 error code returned by the print processor: 259 (0x103). < End of report >
- July 25, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

OTL.txt: OTL logfile created on: 2012/07/25 02:25:16 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\T.H. Ngcobo\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd 494.73 Mb Total Physical Memory | 283.39 Mb Available Physical Memory | 57.28% Memory free 1.40 Gb Paging File | 1.01 Gb Available in Paging File | 71.90% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 25.55 Gb Free Space | 68.56% Space Free | Partition Type: NTFS Computer Name: VRYHEID-LM | User Name: T.H. Ngcobo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\T.H. Ngcobo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\system32\ChgService.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Parental Control\ParentalControl.exe (Crawler.com) PRC - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe () ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\ChgService.exe () MOD - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll () MOD - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Change Modem Device Service) -- C:\WINDOWS\system32\ChgService.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (mbr) -- C:\DOCUME~1\TH7BB1~1.NGC\LOCALS~1\Temp\mbr.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (cmnsusbser) -- C:\WINDOWS\system32\drivers\cmnsusbser.sys (Mobile Connector) DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\Mrv8000c.sys (Marvell Semiconductor, Inc) DRV - (SMBios) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc) DRV - (BrPar) -- C:\WINDOWS\system32\drivers\BRPAR.SYS (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:3128 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/06 10:03:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/21 01:29:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/21 01:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Mozilla\Extensions [2012/07/25 08:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Mozilla\Firefox\Profiles\qjmj1hwr.default\extensions [2012/07/21 01:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/15 00:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - homepage: O1 HOSTS File: ([2003/03/31 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ParentalControl] C:\Program Files\Parental Control\ParentalControl.Exe (Crawler.com) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342541062625 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F040A7DC-1F30-4821-B9D4-DCDECB54CFB5}: NameServer = 196.43.1.11,196.25.1.11 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (System) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/08/06 15:00:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5245c1fc-1b37-11dd-9825-001111232aa1}\Shell\Auto\command - "" = D:\ O33 - MountPoints2\{5245c1fc-1b37-11dd-9825-001111232aa1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5245c1fc-1b37-11dd-9825-001111232aa1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe O33 - MountPoints2\{6a391068-9697-11dc-97b1-001111232aa1}\Shell - "" = Autorun O33 - MountPoints2\{6a391068-9697-11dc-97b1-001111232aa1}\Shell\AutoRun\command - "" = F:\SCVVHSOT.exe O33 - MountPoints2\{6a391068-9697-11dc-97b1-001111232aa1}\Shell\Open\command - "" = F:\SCVVHSOT.exe O33 - MountPoints2\{6b872f6f-06d0-11dd-9813-001111232aa1}\Shell - "" = AutoRun O33 - MountPoints2\{6b872f6f-06d0-11dd-9813-001111232aa1}\Shell\Auto\command - "" = D:\MicrosoftPowerPoint.exe O33 - MountPoints2\{6b872f6f-06d0-11dd-9813-001111232aa1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6b872f6f-06d0-11dd-9813-001111232aa1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe O33 - MountPoints2\{92fe0eb3-bf4e-11dc-97d9-001111232aa1}\Shell - "" = Autorun O33 - MountPoints2\{92fe0eb3-bf4e-11dc-97d9-001111232aa1}\Shell\AutoRun\command - "" = SCVVHSOT.exe O33 - MountPoints2\{92fe0eb3-bf4e-11dc-97d9-001111232aa1}\Shell\Open\command - "" = SCVVHSOT.exe O33 - MountPoints2\{96a15227-ba04-11dc-97d5-001111232aa1}\Shell - "" = AutoRun O33 - MountPoints2\{96a15227-ba04-11dc-97d5-001111232aa1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{96a15227-ba04-11dc-97d5-001111232aa1}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{d51aa597-9736-11dc-97b4-001111232aa1}\Shell\AutoRun\command - "" = ntde1ect.com O33 - MountPoints2\{d51aa597-9736-11dc-97b4-001111232aa1}\Shell\explore\Command - "" = ntde1ect.com O33 - MountPoints2\{d51aa597-9736-11dc-97b4-001111232aa1}\Shell\open\Command - "" = ntde1ect.com O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O34 - HKLM BootExecute: (sprecovr \SystemRoot\sprecovr.txt) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/25 14:21:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\OTL.exe [2012/07/25 09:22:45 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/07/25 08:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/25 08:47:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/07/25 08:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/07/25 08:47:05 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\mbam-setup-1.62.0.1300.exe [2012/07/21 01:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\My Documents\Downloads [2012/07/21 01:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\Mozilla [2012/07/21 01:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Mozilla [2012/07/21 01:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/07/21 01:29:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/07/21 01:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/07/20 22:20:39 | 004,584,441 | R--- | C] (Swearware) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\ComboFix.exe [2012/07/20 08:42:04 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/20 08:35:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/07/20 08:35:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/07/20 08:35:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/07/20 08:35:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/07/20 08:33:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/20 08:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/19 14:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/07/19 10:25:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/07/19 08:28:36 | 000,000,000 | ---D | C] -- C:\53982c37fb4e5f4cb42dd1e3 [2012/07/19 08:08:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\T.H. Ngcobo\IECompatCache [2012/07/19 08:06:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\T.H. Ngcobo\PrivacIE [2012/07/19 08:01:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\T.H. Ngcobo\IETldCache [2012/07/18 08:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2012/07/17 17:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/07/17 17:43:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2012/07/17 17:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2012/07/17 17:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2012/07/17 08:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2012/07/17 08:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Desktop\rkilletc [2012/07/16 22:11:26 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\TDSSKiller.exe [2012/07/09 14:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Macromedia [2012/07/09 10:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\Google [2012/07/09 10:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\Deployment [2012/07/06 08:54:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/06 08:46:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\T.H. Ngcobo\Start Menu\Programs\Administrative Tools [2012/07/05 14:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2012/07/04 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Malwarebytes [2012/07/04 16:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [7 C:\Documents and Settings\T.H. Ngcobo\My Documents\*.tmp files -> C:\Documents and Settings\T.H. Ngcobo\My Documents\*.tmp -> ] [5 C:\*.tmp files -> C:\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [188 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/25 14:21:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\OTL.exe [2012/07/25 09:21:01 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/25 09:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/25 08:48:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/25 08:45:49 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\mbam-setup-1.62.0.1300.exe [2012/07/24 15:40:48 | 004,584,441 | R--- | M] (Swearware) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\ComboFix.exe [2012/07/24 14:24:19 | 102,076,494 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/07/21 01:40:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/07/21 01:29:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/07/21 01:29:21 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/07/21 00:32:14 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Desktop\fixme.reg [2012/07/20 10:27:54 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Desktop\rk-proxy.reg [2012/07/20 08:42:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/19 10:56:45 | 000,441,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/07/19 10:56:45 | 000,071,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/07/19 10:14:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/07/19 08:42:37 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/07/18 09:01:21 | 002,000,252 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2012/07/17 18:04:00 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\dt.dat [2012/07/17 16:37:07 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/07/17 13:20:03 | 000,049,695 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/07/17 09:23:46 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Desktop\MS Word.lnk [2012/07/17 08:34:05 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\TDSSKiller.exe [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [7 C:\Documents and Settings\T.H. Ngcobo\My Documents\*.tmp files -> C:\Documents and Settings\T.H. Ngcobo\My Documents\*.tmp -> ] [5 C:\*.tmp files -> C:\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [188 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/25 08:48:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/21 01:29:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/07/21 01:29:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/07/21 01:29:21 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/07/21 00:36:57 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Desktop\fixme.reg [2012/07/20 10:27:54 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Desktop\rk-proxy.reg [2012/07/20 08:42:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/20 08:42:05 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/20 08:35:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/07/20 08:35:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/07/20 08:35:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/07/20 08:35:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/07/20 08:35:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/07/19 08:01:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Start Menu\Programs\Internet Explorer.lnk [2012/07/17 18:31:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/07/17 18:31:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/07/17 18:04:00 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\dt.dat [2011/10/17 09:09:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ChgService.exe [2007/08/31 09:15:04 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Favorites.axl [2007/08/08 07:55:52 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/07 15:27:37 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\aimsproxy.properties [2007/08/07 15:27:37 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\T.H. Ngcobo\aimsclient.properties ========== LOP Check ========== [2012/07/24 15:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater [2012/07/04 12:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2012/03/02 09:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2012/03/02 09:13:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2009/02/26 13:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2012/07/24 14:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/07/11 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParentalControl [2012/03/02 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\AVG2012 [2007/08/07 11:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Grisoft [2007/08/08 15:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\T.H. Ngcobo\Application Data\ParentalControl ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007/08/06 15:00:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007/08/07 08:05:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012/07/20 08:42:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2007/08/06 15:00:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/08/06 15:00:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/01/03 16:07:33 | 000,000,484 | ---- | M] () -- C:\LOG1.log [2008/07/10 12:56:10 | 000,000,484 | ---- | M] () -- C:\LOG2.log [2008/01/18 10:05:28 | 000,000,484 | ---- | M] () -- C:\LOG3.log [2009/01/09 15:29:10 | 000,000,484 | ---- | M] () -- C:\LOG4.log [2009/04/02 14:07:54 | 000,000,484 | ---- | M] () -- C:\LOGB.log [2007/08/06 15:00:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2007/08/07 07:59:54 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2012/07/17 16:37:07 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/07/25 09:40:17 | 1067,544,576 | -HS- | M] () -- C:\pagefile.sys [2008/01/22 11:42:07 | 000,017,696 | ---- | M] () -- C:\Rescued document.txt [2012/07/20 10:27:54 | 000,000,732 | ---- | M] () -- C:\rkill.log [2012/07/06 08:54:52 | 000,077,280 | ---- | M] () -- C:\TDSSKiller.2.7.44.0_06.07.2012_08.52.53_log.txt [2012/07/20 23:51:35 | 000,076,042 | ---- | M] () -- C:\TDSSKiller.2.7.46.0_20.07.2012_23.48.15_log.txt [5 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\Fonts\*.com > [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2007/08/06 14:59:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2003/08/29 02:00:00 | 000,026,288 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > [2007/08/06 13:29:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2007/08/06 13:29:58 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2007/08/06 13:29:58 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > [2012/07/17 17:46:48 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2007/08/07 08:54:06 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini [2007/08/06 15:07:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf < %USERPROFILE%\Desktop\*.exe > [2012/07/21 00:08:56 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\ATF-Cleaner.exe [2012/07/24 15:40:48 | 004,584,441 | R--- | M] (Swearware) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\ComboFix.exe [2002/08/07 14:02:18 | 000,581,632 | ---- | M] (Joshua F. Madison) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\Convert.exe [2012/07/25 08:45:49 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\mbam-setup-1.62.0.1300.exe [2012/07/25 14:21:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\OTL.exe [2012/07/16 22:11:26 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\TDSSKiller.exe [2008/05/31 19:49:32 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\T.H. Ngcobo\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* > < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x > [2007/08/07 08:54:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Favorites\Desktop.ini < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > [2011/10/17 14:42:00 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Cookies\desktop.ini [2012/07/25 10:30:31 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\T.H. Ngcobo\Cookies\index.dat < %SystemRoot%\system32\fonts\*.* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2007-12-14 01:04:00 < End of report >
- July 25, 2012
- 100 replies
D.D.S. Script don't produce text file

JohanF replied to JohanF's topic in Resolved Malware Removal Logs

Here is the dds log after removing those 4 files and rebooting: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 Run by T.H. Ngcobo at 10:28:48 on 2012-07-25 . ============== Running Processes =============== . C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\system32\ChgService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Parental Control\ParentalControl.Exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe C:\Documents and Settings\T.H. Ngcobo\Desktop\rkilletc\dds.com C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = about:blank uInternet Settings,ProxyServer = localhost:3128 mWinlogon: Userinit=c:\windows\system32\userinit.exe,System, BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe mRun: [ParentalControl] c:\program files\parental control\ParentalControl.Exe /SERVICE mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE uPolicies-explorer: NoMultiIE = 0 (0x0) uPolicies-explorer: LWA = 0 (0x0) uPolicies-explorer: LWB = 0 (0x0) uPolicies-explorer: LWC = 0 (0x0) uPolicies-explorer: LWD = 0 (0x0) uPolicies-explorer: LWE = 0 (0x0) uPolicies-explorer: LWF = 0 (0x0) uPolicies-explorer: LWG = 0 (0x0) uPolicies-explorer: LWH = 0 (0x0) uPolicies-explorer: LWI = 0 (0x0) uPolicies-explorer: LWJ = 0 (0x0) uPolicies-explorer: LWK = 0 (0x0) uPolicies-explorer: LWL = 0 (0x0) uPolicies-explorer: LWM = 0 (0x0) uPolicies-explorer: LWN = 0 (0x0) uPolicies-explorer: LWO = 0 (0x0) uPolicies-explorer: LWP = 0 (0x0) uPolicies-explorer: LWQ = 0 (0x0) uPolicies-explorer: LWR = 0 (0x0) uPolicies-explorer: LWS = 0 (0x0) uPolicies-explorer: LWT = 0 (0x0) uPolicies-explorer: LWU = 0 (0x0) uPolicies-explorer: LWV = 0 (0x0) uPolicies-explorer: LWW = 0 (0x0) uPolicies-explorer: LWX = 0 (0x0) uPolicies-explorer: LWY = 0 (0x0) uPolicies-explorer: LWZ = 0 (0x0) uPolicies-system: DisableClock = 0 (0x0) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342541062625 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab TCP: Interfaces\{F040A7DC-1F30-4821-B9D4-DCDECB54CFB5} : NameServer = 196.43.1.11,196.25.1.11 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\t.h. ngcobo\application data\mozilla\firefox\profiles\qjmj1hwr.default\ FF - prefs.js: network.proxy.type - 0 . ============= SERVICES / DRIVERS =============== . R? cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s R? MozillaMaintenance;Mozilla Maintenance Service S? AVGIDSHX;AVGIDSHX S? Avgldx86;AVG AVI Loader Driver S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx86;AVG Anti-Rootkit Driver S? avgwd;AVG WatchDog S? Change Modem Device Service;Change Modem Device Service S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService . =============== Created Last 30 ================ . 2012-07-25 07:22:45 -------- d-s---w- C:\ComboFix 2012-07-25 06:47:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-25 06:47:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-20 06:42:04 -------- d-sha-r- C:\cmdcons 2012-07-20 06:35:08 98816 ----a-w- c:\windows\sed.exe 2012-07-20 06:35:08 518144 ----a-w- c:\windows\SWREG.exe 2012-07-20 06:35:08 256000 ----a-w- c:\windows\PEV.exe 2012-07-20 06:35:08 208896 ----a-w- c:\windows\MBR.exe 2012-07-19 12:21:10 -------- d-----w- c:\program files\ESET 2012-07-19 06:28:36 -------- d-----w- C:\53982c37fb4e5f4cb42dd1e3 2012-07-19 06:08:04 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\IECompatCache 2012-07-19 06:06:24 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\PrivacIE 2012-07-19 06:01:49 -------- d-sh--w- c:\documents and settings\t.h. ngcobo\IETldCache 2012-07-18 06:57:00 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-18 06:52:53 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-07-18 06:51:44 -------- d-----w- c:\windows\ie8updates 2012-07-18 06:50:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-07-18 06:50:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-07-18 06:50:50 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-07-17 16:34:51 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-07-17 16:31:48 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-07-17 16:31:48 3072 ------w- c:\windows\system32\iacenc.dll 2012-07-17 16:28:12 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-07-17 16:28:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-07-17 16:27:28 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-07-17 16:24:29 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2012-07-17 16:24:13 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2012-07-17 16:24:08 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll 2012-07-17 16:23:50 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll 2012-07-17 16:23:50 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2012-07-17 16:23:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2012-07-17 16:22:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2012-07-17 16:21:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2012-07-17 16:19:41 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2012-07-17 16:19:41 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2012-07-17 16:17:36 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2012-07-17 16:13:49 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2012-07-17 16:12:52 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-07-17 16:12:46 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2012-07-17 16:06:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-07-17 15:45:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2012-07-17 15:45:18 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll 2012-07-17 15:44:42 9728 ------w- c:\windows\system32\rwnh.dll 2012-07-17 15:44:41 10752 ------w- c:\windows\system32\smtpapi.dll 2012-07-17 15:42:51 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe 2012-07-17 15:42:46 -------- d-----w- c:\windows\l2schemas 2012-07-17 15:42:45 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll 2012-07-17 15:42:44 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll 2012-07-17 15:42:44 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll 2012-07-17 15:42:44 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll 2012-07-17 15:42:44 -------- d-----w- c:\windows\system32\en 2012-07-17 14:38:58 97280 ----a-w- c:\windows\system32\SET2E6.tmp 2012-07-17 14:37:58 75264 ----a-w- c:\windows\system32\SET1A0.tmp 2012-07-09 08:32:25 -------- d-----w- c:\documents and settings\t.h. ngcobo\local settings\application data\Google 2012-07-09 08:31:17 -------- d-----w- c:\documents and settings\t.h. ngcobo\local settings\application data\Deployment 2012-07-06 06:54:20 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-04 14:08:59 -------- d-----w- c:\documents and settings\t.h. ngcobo\application data\Malwarebytes 2012-07-04 14:08:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-02 09:27:04 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys 2012-07-02 09:27:04 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys 2012-07-02 09:27:02 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys 2012-07-02 09:27:02 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys . ==================== Find3M ==================== . 2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 10:31:06.62 ===============
- July 25, 2012
- 100 replies

Events

Profiles

Forums

Everything posted by JohanF

Important Information